A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
Weakness
The product uses or accesses a resource that has not been initialized.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libwebp | Webmproject | * | 1.0.1 (excluding) |
| Red Hat Enterprise Linux 7 | RedHat | qt5-qtimageformats-0:5.9.7-2.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | libwebp-0:1.0.0-5.el8 | * |
| Libwebp | Ubuntu | bionic | * |
| Libwebp | Ubuntu | devel | * |
| Libwebp | Ubuntu | esm-infra-legacy/trusty | * |
| Libwebp | Ubuntu | esm-infra/bionic | * |
| Libwebp | Ubuntu | esm-infra/focal | * |
| Libwebp | Ubuntu | esm-infra/xenial | * |
| Libwebp | Ubuntu | focal | * |
| Libwebp | Ubuntu | groovy | * |
| Libwebp | Ubuntu | hirsute | * |
| Libwebp | Ubuntu | impish | * |
| Libwebp | Ubuntu | jammy | * |
| Libwebp | Ubuntu | trusty | * |
| Libwebp | Ubuntu | trusty/esm | * |
| Libwebp | Ubuntu | xenial | * |
Potential Mitigations
References
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
- https://bugzilla.redhat.com/show_bug.cgi?id=1956927
- https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
- https://bugzilla.redhat.com/show_bug.cgi?id=1956927
- https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52